302 ESTABLISH GLOBAL ZONE 130

304 ESTABLISH AT LEAST ONE NON-GLOBAL ZONE 140

310 LIMIT VISIBILITY AND/OR ACCESS BY PROCESS 232 IN GLOBAL ZONE 130 TO OBJECT 234 IN GLOBAL ZONE 130 AND SELECTIVELY TO OBJECT 244 IN NON-GLOBAL ZONE 140

320 LIMIT VISIBILITY AND/OR ACCESS BY PROCESS 174-1 IN NON-GLOBAL ZONE 140 TO OBJECT 244 IN NON-GLOBAL ZONE 140 (FIG. 3C)

FIG. 3A
312 ENABLE VISIBILITY OF OBJECT 234 IN GLOBAL ZONE 130 BY PROCESS 232 IN THE GLOBAL ZONE 130 AND VISIBILITY OF OBJECT 244 IN THE NON-GLOBAL ZONE 140 BY PROCESS 232 IN THE GLOBAL ZONE 130 (FIG. 3D)

314 ENABLE ACCESS TO OBJECT 234 IN GLOBAL ZONE 130 BY PROCESS 232 IN THE GLOBAL ZONE 130 BUT SELECTIVELY RESTRICT ACCESS TO OBJECT 244 BY PROCESS 232 IN THE GLOBAL ZONE 130 (FIG. 3E)
Title: Global Visibility Controls For Operating System Partitions
Inventor(s): Andrew G. Tucker, et al.
Date: January 21, 2004
Express Mail No. EV323351533US
Docket No.: 15437-0589
Sheet 7 of 14



322 ENABLE VISIBILITY OF OBJECT 244 IN NON-GLOBAL ZONE 140 BY PROCESS 174-1 IN THE NON-GLOBAL ZONE 140 BUT RESTRICT VISIBILITY OF OBJECT 234 IN THE GLOBAL ZONE 130 BY PROCESS 174-1 IN THE NON-GLOBAL ZONE 140 (FIG. 3F)

324 ENABLE ACCESS TO OBJECT 244 IN NON-GLOBAL ZONE 140 BY PROCESS 174-1 IN THE NON-GLOBAL ZONE 140 BUT RESTRICT ACCESS TO OBJECT 234 IN THE GLOBAL ZONE 130 BY PROCESS 174-1 IN THE NON-GLOBAL ZONE 140 (FIG. 3G)

FIG. 3A BLOCK 320

FIG. 3C
332 RECEIVING AN IDENTIFIER ASSOCIATED WITH GLOBAL ZONE 130

334 REFLECTING A PROCESS TABLE FROM AN OPERATING SYSTEM KERNEL TO A SUBDIRECTORY OF THE ROOT DIRECTORY OF THE FILE SYSTEM ASSOCIATED WITH THE OPERATING SYSTEM

FIG. 3B BLOCK 312
342 RECEIVING A REQUEST FROM A PROCESS 232 ASSOCIATED WITH GLOBAL ZONE 130 TO ACCESS AN OBJECT

344 DETERMINING BASED UPON A ZONE IDENTIFIER WHETHER THE REQUEST FROM PROCESS 232 ASSOCIATED WITH GLOBAL ZONE 130 IS ATTEMPTING TO ACCESS AN OBJECT ASSOCIATED WITH A ZONE OTHER THAN GLOBAL ZONE 130

348 PERMIT THE REQUEST FROM PROCESS 232 ASSOCIATED WITH GLOBAL ZONE 130 TO ACCESS AN OBJECT 234

352 PERMIT THE REQUEST FROM PROCESS 232 ASSOCIATED WITH GLOBAL ZONE 130 TO ACCESS AN OBJECT 244(A) OR OBJECT 244(B) OF NON-GLOBAL ZONE 140(A) OR (B)

354 DENY THE REQUEST FROM PROCESS 232 ASSOCIATED WITH GLOBAL ZONE 130 TO ACCESS AN OBJECT 244(A) OR OBJECT 244(B) OF NON-GLOBAL ZONE 140(A) OR (B)

FIG. 3B BLOCK 314

FIG. 3E
362 RECEIVING AN IDENTIFIER ASSOCIATED WITH NON-GLOBAL ZONE 140

364 REFLECTING A PORTION OF A PROCESS TABLE FROM AN OPERATING SYSTEM KERNEL TO A SUBDIRECTORY OF A ROOT DIRECTORY OF A PORTION OF A FILE SYSTEM ASSOCIATED WITH THE NON-GLOBAL ZONE 140

366 LIMITING A PROCESS ASSIGNED TO THE NON-GLOBAL ZONE 140 TO HAVE ACCESS TO THE PORTION OF THE FILE SYSTEM ASSOCIATED WITH THE NON-GLOBAL ZONE 140

FIG. 3B BLOCK 314
372 RECEIVING A REQUEST FROM A PROCESS 174-1(A) ASSOCIATED WITH NON-GLOBAL ZONE 140(A) TO ACCESS AN OBJECT

374 DETERMINING BASED UPON A ZONE IDENTIFIER WHETHER THE REQUEST FROM PROCESS 174-1(A) ASSOCIATED WITH NON-GLOBAL ZONE 140(A) IS ATTEMPTING TO ACCESS AN OBJECT ASSOCIATED WITH A ZONE OTHER THAN NON-GLOBAL ZONE 140(A)

PERMIT THE REQUEST FROM A PROCESS 174-1(A) ASSOCIATED WITH NON-GLOBAL ZONE 140(A) TO ACCESS AN OBJECT 244(A)

310 DENY THE REQUEST FROM A PROCESS 174-1(A) ASSOCIATED WITH NON-GLOBAL ZONE 140(A) TO ACCESS AN OBJECT 244(B) OR OBJECT 234 OF GLOBAL ZONE 130

FIG. 3G
392 RECEIVING A REQUEST BY THE PROCESS 232 ASSIGNED TO GLOBAL ZONE 130 FOR PERMISSION TO ACCESS OBJECT 244 ASSOCIATED WITH NON-GLOBAL ZONE 140

394 ASSOCIATING A PRIV_PROC_ZONE PRIVILEGE WITH THE PROCESS ASSIGNED TO GLOBAL ZONE 130

FIG. 3B BLOCK 314

FIG. 3H
402

global # zoneadm list -v
ID   NAME     STATE    PATH
0    global   running  /
100  my-zone  running  /auxO/my-zone

global # ps -e -o pid,zoneid,comm

404

406

0       0    sched
0       0    /etc/init
100180  0    /usr/lib/netsvc/yp/ypbind
100228  0    /usr/lib/autofs/automountd
100248  0    /usr/sbin/nscd
103152  100  /usr/sbin/inetd
...
103148  100  /usr/lib/autofs/automountd
103141  100  /usr/lib/netsvc/yp/ypbind

408

global # zlogin my-zone ps -e -o pid,zoneid,comm
PID     ZONEID  COMMAND

410

103130  100  zsched
103148  100  /usr/lib/autofs/automountd
103141  100  /usr/lib/netsvc/yp/ypbind
103152  100  /usr/sbin/inetd
103139  100  /usr/sbin/rpcbind
103143  100  /usr/sbin/nscd

412